ICD Brief 10.

ICD Brief 10.

19.09.2016. – 25.09.2016.

USA

“A piecemeal approach to cybersecurity overly focused on tools, automation and training without an underlying strategy cannot hope to succeed against the constant threats and attacks federal systems face today, information technology leaders say. Yet most agencies do not have comprehensive cyber strategies in place, according to a Brookings Institution study of federal agency strategic plans.”

“Are we organized correctly to defend our weapon systems from the cyber threats of the future?” asks Gen. John E. Hyten, who leads Air Force Space Command. “The answer is, ‘No, we’re not.’ What are the missions we do in space today? Provide information; provide pathways for information; in conflict, we deny adversaries access to that information,” he told an audience on Wednesday at the Air Force Association’s annual conference outside Washington, D.C. The same is true of cyber.”

“Lt. Gen. J. Kevin McLaughlin, the U.S. Cyber Command deputy commander, discussed the missions, capacity and capabilities of USCYBERCOM during a cyber warfare session at the Air Force Association Air, Space and Cyber Conference here Sept. 20. McLaughlin detailed the journey toward building cyber mission forces and how the command plans to fight and command and control those forces.”

“The top Democrats on the U.S. Senate and House of Representatives intelligence committees accused Russia on Thursday of trying to influence the Nov. 8 U.S. election via computer hacking, and called on President Vladimir Putin to order a halt.”

“Krebs on Security, a blog run by estimable researcher Brian Krebs has been knocked off the Internet by what may be the largest DOS attack in history. A Denial of Service attack on the Internet is simply a massive flood of traffic designed to disrupt a site, usually launched from a botnet, a large group of compromised computers controlled by a single actor. DOS attacks happen all the time, but the scale and type of attack we are seeing here is unprecedented.” See our Featured.

Israel

“April 2016 marked the official beginning of the National Cyber Defense Authority (“the Authority”). Its primary function is “to direct, operate, and execute as needed all defensive and operational efforts at the national level in cyberspace, based on a systemic approach, to allow a full and constant defensive response to cyberattacks, including the handling of cyberspace threats and cyber events in real time, formulation of a current situation assessment, gathering and research of intelligence, and work with the special institutions” (Government Decision No. 2444 of February 15, 2015). The director of the Authority is subordinate to the head of the National Cyber Staff, who is defined as the head of the national cyberspace operation.”

“The Department of Capital Market, Insurance and Savings at the Israeli Ministry of Finance has issued the final version of its Circular on Cyber Risk Management in Institutional Entities (Institutional Entities Circular 2016-9-14). Among other topics, the circular addresses the following matters:

The roles and responsibilities of the institutional entity’s CEO and board of directors

Appointing a chief cyber-defense officer with experience and expertise in cyber-defense.

“Japan is to sign a memorandum of understanding with Israel on technological cooperation as part of its efforts to step up cybersecurity ahead of the 2020 Tokyo Olympics. The signing could take place this year. While Japan wants to boost its defenses against cyberattacks in the run-up to the 2020 games, Israel is seeking to strengthen its presence in Asia’s cybersecurity market. The Israeli government two years ago set up CyberSpark, a special information-technology zone, on the campus of Ben-Gurion University of the Negev in Beer Sheva. CyberSpark is meant to bring together people from the government, the military and international companies. Together, it is hoped these specialists forge a strategic hub for cyber-related technological development.”

UK

“Lord David Blunkett today launched The Cyber Highway, a new online portal designed to protect the supply chain from cyber attack. The Cyber Highway will allow large businesses and enterprise companies to monitor in real-time the progress that their suppliers are making, thus strengthening the cyber defence of the supply chain. The Cyber Highway hopes to be an effective tool in the fight against security breaches, with the online portal looking to reduce the £34.1bn cost of cyber security breaches seen last year.”

“Applications are open to cyber security startups for the first of two cyber innovation centres to receive £50m over five years, as part of the government’s £1.9m National Cyber Security Programme. The UK government has announced a “ground-breaking” partnership with tech startups to develop cutting-edge, world-leading cyber security technology.”

“Professional services firm PwC has launched a cyber security simulation exercise for senior executives that aims to gamify the concept of dealing with a cyber attack. Dubbed Game of Threats, the game pits attackers against defenders in a digital card game, which it says is designed to simulate the experience that leadership teams could realistically face in the midst of a cyber-attack.”

Baltics/Estonia

“Estonia’s priorities in the European Commission work programme for 2017 are the development of the digital single market and quick proceeding of relevant legal acts. Next year is a very important one for Estonia on pan-European level – for the first time, the country will take over the rotating European Union (EU) presidency for six months, in the second half of 2017. Originally, Estonia was expected to hold the European Council presidency in early 2018, but due to the United Kingdom’s post-Brexit decision to withdraw from the EU, Estonia took over the UK’s slot.”

Slovakia

“In terms of cyber security the situation in Slovakia is more or less comparable with other countries in the region. Nevertheless, cyber security has been under-estimated also in Slovakia, and experts see fragmentation of responsibility for cyber security at the national level as one of problems.”

Iran

“A series of fires at Iranian petrochemical plants and facilities have raised suspicions about hacking potentially playing a role, with authorities saying that “viruses had contaminated” equipment at several of the affected complexes.”

Russia

“Jakarta and Moscow have agreed to enhance cooperation on cybersecurity to counter transnational crime, especially terrorism. The two countries agreed to intensify cooperation on securing the distribution of digital information and to hold regular consultations on security and defense, Coordinating Political, Legal and Security Affairs Minister Wiranto said on Monday.”

“Germany is investigating a series of sophisticated computer hacking attacks on MPs and political parties amid fears Russia may be trying to influence the outcome of next year’s elections. The offices of several MPs inside Germany’s parliament were targeted in the attacks, as well as regional offices of Angela Merkel’s Christian Democrats (CDU) and rival parties.”

India/Singapore

“With the aim to exchange information and best practices on cyber security, the Data Security Council of India (DSCI), a premier body on cyber security, on Saturday launched its first global chapter in Singapore. “Cyber Security is a global issue and needs attention of all stakeholders. It is essential that countries become partners to address this issue collaboratively.” said Vijay Thakur Singh, High Commissioner to Singapore, in a statement.”

Features

“For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.”

“It’s hard to imagine a stronger form of censorship than these DDoS attacks because if nobody wants to take you on then that’s pretty effective censorship,” Krebs told Ars on Friday. “I’ve had a couple of big companies offer and then think better of offering to help me. That’s been frustrating.’”

“Formal verification: unlike most computer code, which is written informally and evaluated based mainly on whether it works, formally verified software reads like a mathematical proof: Each statement follows logically from the preceding one. An entire program can be tested with the same certainty that mathematicians prove theorems.”